<?php
/*
+------------------------------------------------------------------------------+
| Copyright (c) 2009, draftrack                                                |
| All rights reserved.                                                         |
|                                                                              |
| Redistribution and use in source and binary forms, with or without           |
| modification, are permitted provided that the following conditions are met:  |
|     * Redistributions of source code must retain the above copyright         |
|       notice, this list of conditions and the following disclaimer.          |
|     * Redistributions in binary form must reproduce the above copyright      |
|       notice, this list of conditions and the following disclaimer in the    |
|       documentation and/or other materials provided with the distribution.   |
|     * Neither the name of the <organization> nor the                         |
|       names of its contributors may be used to endorse or promote products   |
|       derived from this software without specific prior written permission.  |
|                                                                              |
| THIS SOFTWARE IS PROVIDED BY draftrack team ''AS IS'' AND ANY                |
| EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED    |
| WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE       |
| DISCLAIMED. IN NO EVENT SHALL draftrack team BE LIABLE FOR ANY               |
| DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES   |
| (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND  |
| ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT   |
| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS|
| SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.                 |
+------------------------------------------------------------------------------+
*/
/*
* Front end plugin extension to manage application initialization
*/
require_once('Zend/Controller/Plugin/Abstract.php');

/**
 * This plugin validates that the calling application correctly signed for the request
 * It also creates the user object for which the client application is signed
 * If the request is badly signed, an error 401 is returned
 * If the client application is not allowed to perform the query an error XXX is returned
 * 
 * @uses Zend_Controller_Plugin_Abstract
 */
class Myzen_Controller_Plugin_ValidateSignature extends Zend_Controller_Plugin_Abstract {	

  /**
   * Constructor
   *
   * @param  void
   * @return void
  **/
  public function __construct() {}

  /**
   * routeShutdown
   *
   * @param  Zend_Controller_Request_Abstract $request
   * @return void
  **/
  public function routeShutdown(Zend_Controller_Request_Abstract $request) {
    //The auth module and index controller is responsible by itself to validate the signature
    if('auth' == $request->getModuleName()) return;
	
	//Other exception is the asynchronous / message / process function that handles the asynchronous calls
	if('asynchronous' == $request->getModuleName() && 'message' == $request->getControllerName() && 'process' == $request->getActionName()) return;
    
    //For other actions we validate the signature
	$dataStore = new Myzen_Oauth_Datastore_Db();
	$server = new Myzen_Oauth_Server($dataStore);
	$hmac_method = new Myzen_Oauth_Signaturemethod_HMACSHA1();
	$server->add_signature_method($hmac_method);

    $req = Myzen_Oauth_Request::from_request();
	
	
//Zend_Registry::get('dt_log')->log('request found:'.serialize($req), Zend_Log::DEBUG);	
	//Need to reload the parameters in the Zend framework as it may have been called with postbody
	$paramsList = $req->get_parameters();
	if(!empty($paramsList)) {
		$request->setParams($paramsList);
	}


    list($consumer, $accessToken) = $server->verify_request($req);
Zend_Registry::get('dt_log')->log('consumerKey:'.$consumer->getKey().'-accessTokenKey:'.$accessToken->getKey().'-email:'.$accessToken->getEmail(), Zend_Log::INFO);

	$request->setParam('draftrack_consumerKey',$consumer->getKey());

    //If no exception has been raised, we can register the user in the registry and process
    $user = new Myzen_User(array('email' => $accessToken->getEmail()));
    Zend_Registry::set('app_user', $user);
    

    
  } //end routeShutdown
  

    		
}//end class	
